Spaces:

NikaMimi
/

SirMeowManager

Sleeping

App Files Files Community

NikaMimi commited on Jul 25, 2025

Commit

080cd1e

verified ·

1 Parent(s): 5f35238

Upload 8 files

Browse files

Files changed (2) hide show

README.md +2 -0
app.py +84 -10

README.md CHANGED Viewed

@@ -20,6 +20,7 @@ A modern web interface for managing Discord bot AI model configurations stored i
 3. Configure environment variables in Space settings:
    - `FIREBASE_URL`: Your Firebase Realtime Database URL
    - `FIREBASE_SERVICE_ACCOUNT_B64`: Base64-encoded service account JSON
 4. The app will build automatically and be available on port 7860
 ### Local Development:
@@ -47,6 +48,7 @@ A modern web interface for managing Discord bot AI model configurations stored i
 ## ✨ Features
 - **Model Management**: Add, edit, delete AI models by category
 - **Image Previews**: Thumbnail carousels from Civitai API with metadata
 - **Advanced Filtering**: Sort by reactions/comments/newest, NSFW levels, time periods

 3. Configure environment variables in Space settings:
    - `FIREBASE_URL`: Your Firebase Realtime Database URL
    - `FIREBASE_SERVICE_ACCOUNT_B64`: Base64-encoded service account JSON
+   - `ADMIN_KEY`: Secret admin key for authentication (set this to a secure password)
 4. The app will build automatically and be available on port 7860
 ### Local Development:
 ## ✨ Features
+- **🔐 Admin Authentication**: Secure login with admin key protection
 - **Model Management**: Add, edit, delete AI models by category
 - **Image Previews**: Thumbnail carousels from Civitai API with metadata
 - **Advanced Filtering**: Sort by reactions/comments/newest, NSFW levels, time periods

app.py CHANGED Viewed

@@ -1,6 +1,6 @@
-from fastapi import FastAPI, HTTPException, Request
 from fastapi.staticfiles import StaticFiles
-from fastapi.responses import HTMLResponse, FileResponse
 from pydantic import BaseModel
 import os
 import json
@@ -8,6 +8,8 @@ import firebase_admin
 from firebase_admin import credentials, db
 import base64
 import time
 from dotenv import load_dotenv
 from typing import List, Dict, Any, Optional
@@ -16,6 +18,33 @@ load_dotenv()
 app = FastAPI(title="CatGPT Model Manager", description="Modern web interface for managing Discord bot AI models")
 class FirebaseManager:
     def __init__(self):
         self.app = None
@@ -223,12 +252,57 @@ class ModelUpdate(BaseModel):
     field: str
     value: Any
-# API Routes
 @app.get("/", response_class=HTMLResponse)
-async def read_root():
-    """Serve the main HTML page"""
     return FileResponse('index.html')
 @app.get("/api/models")
 async def get_all_models():
     """Get all models from all categories"""
@@ -252,7 +326,7 @@ async def get_models_by_category(category: str):
     }
 @app.post("/api/models/{category}")
-async def add_model(category: str, model: ModelCreate):
     """Add a new model to a category"""
     if category not in ["pony", "illustrious", "sdxl"]:
         raise HTTPException(status_code=400, detail="Invalid category")
@@ -274,7 +348,7 @@ async def add_model(category: str, model: ModelCreate):
     return {"message": message}
 @app.put("/api/models/{category}/{model_id}")
-async def update_model(category: str, model_id: str, update: ModelUpdate):
     """Update a specific field of a model"""
     if category not in ["pony", "illustrious", "sdxl"]:
         raise HTTPException(status_code=400, detail="Invalid category")
@@ -287,7 +361,7 @@ async def update_model(category: str, model_id: str, update: ModelUpdate):
     return {"message": message}
 @app.delete("/api/models/{category}/{model_id}")
-async def delete_model(category: str, model_id: str):
     """Delete a model"""
     if category not in ["pony", "illustrious", "sdxl"]:
         raise HTTPException(status_code=400, detail="Invalid category")
@@ -315,6 +389,6 @@ app.add_middleware(
 if __name__ == "__main__":
     import uvicorn
-    port = int(os.getenv('PORT', 8000))
-    print(f"Starting CatGPT Model Manager on http://127.0.0.1:{port}")
     uvicorn.run(app, host="0.0.0.0", port=port)

+from fastapi import FastAPI, HTTPException, Request, Depends, Cookie
 from fastapi.staticfiles import StaticFiles
+from fastapi.responses import HTMLResponse, FileResponse, RedirectResponse, JSONResponse
 from pydantic import BaseModel
 import os
 import json
 from firebase_admin import credentials, db
 import base64
 import time
+import hashlib
+import secrets
 from dotenv import load_dotenv
 from typing import List, Dict, Any, Optional
 app = FastAPI(title="CatGPT Model Manager", description="Modern web interface for managing Discord bot AI models")
+# Authentication Configuration
+ADMIN_KEY = os.getenv('ADMIN_KEY')
+if not ADMIN_KEY:
+    print("WARNING: ADMIN_KEY not set. Using default key for development.")
+    ADMIN_KEY = "dev-admin-key-please-change"
+# Store active sessions (in production, use Redis or database)
+active_sessions = set()
+# Pydantic models for authentication
+class LoginRequest(BaseModel):
+    admin_key: str
+def create_session_token() -> str:
+    """Generate a secure session token"""
+    return secrets.token_urlsafe(32)
+def verify_session(session_token: Optional[str] = Cookie(None)) -> bool:
+    """Verify if session token is valid"""
+    return session_token in active_sessions
+def require_auth(authenticated: bool = Depends(verify_session)):
+    """Dependency to require authentication"""
+    if not authenticated:
+        raise HTTPException(status_code=401, detail="Authentication required")
+    return True
 class FirebaseManager:
     def __init__(self):
         self.app = None
     field: str
     value: Any
+# Authentication Routes
+@app.post("/api/login")
+async def login(request: LoginRequest):
+    """Authenticate with admin key"""
+    if request.admin_key == ADMIN_KEY:
+        session_token = create_session_token()
+        active_sessions.add(session_token)
+        response = {"success": True, "message": "Authenticated successfully"}
+        response_obj = JSONResponse(response)
+        response_obj.set_cookie(
+            key="session_token",
+            value=session_token,
+            httponly=True,
+            secure=True,
+            samesite="lax",
+            max_age=86400  # 24 hours
+        )
+        return response_obj
+    else:
+        raise HTTPException(status_code=401, detail="Invalid admin key")
+@app.post("/api/logout")
+async def logout(session_token: Optional[str] = Cookie(None)):
+    """Logout and invalidate session"""
+    if session_token and session_token in active_sessions:
+        active_sessions.remove(session_token)
+    response = {"success": True, "message": "Logged out successfully"}
+    response_obj = JSONResponse(response)
+    response_obj.delete_cookie("session_token")
+    return response_obj
+@app.get("/api/auth-status")
+async def auth_status(authenticated: bool = Depends(verify_session)):
+    """Check if user is authenticated"""
+    return {"authenticated": authenticated}
+# Main Routes
 @app.get("/", response_class=HTMLResponse)
+async def read_root(authenticated: bool = Depends(verify_session)):
+    """Serve the main HTML page or login page"""
+    if not authenticated:
+        return FileResponse('login.html')
     return FileResponse('index.html')
+@app.get("/login", response_class=HTMLResponse)
+async def login_page():
+    """Serve the login page"""
+    return FileResponse('login.html')
 @app.get("/api/models")
 async def get_all_models():
     """Get all models from all categories"""
     }
 @app.post("/api/models/{category}")
+async def add_model(category: str, model: ModelCreate, _: bool = Depends(require_auth)):
     """Add a new model to a category"""
     if category not in ["pony", "illustrious", "sdxl"]:
         raise HTTPException(status_code=400, detail="Invalid category")
     return {"message": message}
 @app.put("/api/models/{category}/{model_id}")
+async def update_model(category: str, model_id: str, update: ModelUpdate, _: bool = Depends(require_auth)):
     """Update a specific field of a model"""
     if category not in ["pony", "illustrious", "sdxl"]:
         raise HTTPException(status_code=400, detail="Invalid category")
     return {"message": message}
 @app.delete("/api/models/{category}/{model_id}")
+async def delete_model(category: str, model_id: str, _: bool = Depends(require_auth)):
     """Delete a model"""
     if category not in ["pony", "illustrious", "sdxl"]:
         raise HTTPException(status_code=400, detail="Invalid category")
 if __name__ == "__main__":
     import uvicorn
+    port = int(os.getenv('PORT', 7860))
+    print(f"Starting CatGPT Model Manager on http://0.0.0.0:{port}")
     uvicorn.run(app, host="0.0.0.0", port=port)